```python
from flask import Flask, jsonify, request
from flask_jwt_extended import (
    JWTManager, jwt_required, create_access_token,
    get_jwt_identity
)

app = Flask(__name__)

# Setup the Flask-JWT-Extended extension
app.config['JWT_SECRET_KEY'] = 'super-secret'  # Change this!
jwt = JWTManager(app)


# Provide a method to create access tokens. The create_access_token()
# function is used to actually generate the token, and you can return
# it to the caller however you choose.
@app.route('/login', methods=['POST'])
def login():
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = request.json.get('username', None)
    password = request.json.get('password', None)
    if not username:
        return jsonify({"msg": "Missing username parameter"}), 400
    if not password:
        return jsonify({"msg": "Missing password parameter"}), 400

    if username != 'test' or password != 'test':
        return jsonify({"msg": "Bad username or password"}), 401

    # Identity can be any data that is json serializable
    access_token = create_access_token(identity=username)
    return jsonify(access_token=access_token), 200


# Protect a view with jwt_required, which requires a valid access token
# in the request to access.
# (Flask-JWT-Extended 4.x and later spell this decorator @jwt_required().)
@app.route('/protected', methods=['GET'])
@jwt_required
def protected():
    # Access the identity of the current user with get_jwt_identity
    current_user = get_jwt_identity()
    return jsonify(logged_in_as=current_user), 200


if __name__ == '__main__':
    app.run()
```

To access a jwt_required protected view, all we have to do is send in the
JWT with the request. By default, this is done with an authorization header
that looks like:

NOTE: Remember to change the secret key of your application, and ensure that no
one is able to view it. The JSON Web Tokens are signed with the secret key, so
if someone gets that, they can create arbitrary tokens, and in essence log in
as any user.
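Why the secret key carries all of the trust, shown as an added standard-library example (not code from this page or from Flask-JWT-Extended): it checks an HS256 token taken from an `Authorization: Bearer <token>` header. The function names, the `sub` and `exp` claim layout and the sample key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(identity, key: bytes, ttl: int = 900) -> str:
    """Mint an HS256 JWT. Whoever holds `key` can do this for any identity."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps(
        {"sub": identity, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"

def identity_from_header(header_value, key: bytes):
    """Return the identity from 'Bearer <token>', or None if any check fails."""
    try:
        scheme, token = header_value.split(" ", 1)
        if scheme != "Bearer":
            return None
        header, claims, sig = token.split(".")
        # Pin the algorithm instead of trusting the token's own header.
        if json.loads(_unb64url(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header}.{claims}".encode(),
                            hashlib.sha256).digest()
        # Constant-time comparison of the recomputed and presented signatures.
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        payload = json.loads(_unb64url(claims))
        if payload["exp"] < time.time():
            return None
        return payload["sub"]
    except (AttributeError, ValueError, KeyError, TypeError):
        return None

if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed sample value
    token = sign_token("test", key)
    print(identity_from_header("Bearer " + token, key))            # accepted
    print(identity_from_header("Bearer " + token, b"other-key"))   # rejected
```

The verifier has nothing to go on except the key: a token minted for any identity with the same key passes every check, which is why the key belongs in a secret store or environment variable rather than in source code.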